SCAN4NET-13 Add Jira integration (#2154)

SonarSource · Aug 21, 2024 · ce8d2d0 · ce8d2d0
1 parent 3fac8f3
commit ce8d2d0
Show file tree

Hide file tree

Showing 8 changed files with 99 additions and 85 deletions.
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -1 +1,6 @@
-Fixes #<!-- PUT ISSUE NUMBER HERE -->
+Part of <!-- 
+  Only for standalone PRs without Jira issue in the PR title: 
+    * Replace this comment with Epic ID to create a new Task in Jira
+    * Replace this comment with Issue ID to create a new Sub-Task in Jira
+    * Ignore or delete this note to create a new Task in Jira without a parent 
+-->
diff --git a/.github/workflows/CreatePullRequest.yml b/.github/workflows/CreatePullRequest.yml
diff --git a/.github/workflows/MilestoneIssue.yml b/.github/workflows/MilestoneIssue.yml
diff --git a/.github/workflows/PullRequestClosed.yml b/.github/workflows/PullRequestClosed.yml
@@ -0,0 +1,29 @@
+name: Pull Request Closed
+
+on:
+  pull_request:
+    types: [closed]
+
+jobs:
+  PullRequestMerged_job:
+    name: Pull Request Merged
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      pull-requests: read
+    # For external PR, ticket should be moved manually
+    if: |
+        github.event.pull_request.head.repo.full_name == github.repository
+        && github.event.pull_request.merged
+    steps:
+      - id: secrets
+        uses: SonarSource/vault-action-wrapper@v3
+        with:
+          secrets: |
+            development/kv/data/jira user | JIRA_USER;
+            development/kv/data/jira token | JIRA_TOKEN;
+      - uses: sonarsource/gh-action-lt-backlog/PullRequestClosed@v2
+        with:
+          github-token: ${{secrets.GITHUB_TOKEN}}
+          jira-user:  ${{ fromJSON(steps.secrets.outputs.vault).JIRA_USER }}
+          jira-token: ${{ fromJSON(steps.secrets.outputs.vault).JIRA_TOKEN }}
diff --git a/.github/workflows/PullRequestCreated.yml b/.github/workflows/PullRequestCreated.yml
@@ -0,0 +1,29 @@
+name: Pull Request Created
+
+on:
+  pull_request:
+    types: ["opened"]
+
+jobs:
+  PullRequestCreated_job:
+    name: Pull Request Created
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+    # For external PR, ticket should be created manually
+    if: |
+        github.event.pull_request.head.repo.full_name == github.repository
+    steps:
+      - id: secrets
+        uses: SonarSource/vault-action-wrapper@v3
+        with:
+          secrets: |
+            operations/team/re/kv/data/github/github-jira-integration token | GITHUB_TOKEN;
+            development/kv/data/jira user | JIRA_USER;
+            development/kv/data/jira token | JIRA_TOKEN;
+      - uses: sonarsource/gh-action-lt-backlog/PullRequestCreated@v2
+        with:
+          github-token: ${{ fromJSON(steps.secrets.outputs.vault).GITHUB_TOKEN }}
+          jira-user:    ${{ fromJSON(steps.secrets.outputs.vault).JIRA_USER }}
+          jira-token:   ${{ fromJSON(steps.secrets.outputs.vault).JIRA_TOKEN }}
+          jira-project: SCAN4NET
diff --git a/.github/workflows/RequestReview.yml b/.github/workflows/RequestReview.yml
@@ -5,14 +5,24 @@ on:
     types: ["review_requested"]
 
 jobs:
-  MoveCardToReview_job:
-    name: Move card to review
+  RequestReview_job:
+    name: Request review
     runs-on: ubuntu-latest
-    # PRs from forks don't have required token authorization
-    if: github.event.pull_request.head.repo.full_name == github.repository
-        && (github.event.review.author_association == 'COLLABORATOR' || github.event.review.author_association == 'MEMBER')
+    permissions:
+      id-token: write
+    # For external PR, ticket should be moved manually
+    if: |
+        github.event.pull_request.head.repo.full_name == github.repository
     steps:
-      - uses: sonarsource/gh-action-lt-backlog/MoveCardToReview@v1
+      - id: secrets
+        uses: SonarSource/vault-action-wrapper@v3
         with:
-          github-token: ${{secrets.GITHUB_TOKEN}}
-          column-id: 6183857     # Kanban "Review in progress" column
+          secrets: |
+            operations/team/re/kv/data/github/github-jira-integration token | GITHUB_TOKEN;
+            development/kv/data/jira user | JIRA_USER;
+            development/kv/data/jira token | JIRA_TOKEN;
+      - uses: sonarsource/gh-action-lt-backlog/RequestReview@v2
+        with:
+          github-token: ${{ fromJSON(steps.secrets.outputs.vault).GITHUB_TOKEN }}
+          jira-user:    ${{ fromJSON(steps.secrets.outputs.vault).JIRA_USER }}
+          jira-token:   ${{ fromJSON(steps.secrets.outputs.vault).JIRA_TOKEN }}
diff --git a/.github/workflows/StartProgress.yml b/.github/workflows/StartProgress.yml
diff --git a/.github/workflows/SubmitReview.yml b/.github/workflows/SubmitReview.yml
@@ -2,33 +2,29 @@ name: Submit Review
 
 on:
   pull_request_review:
-    types: ["submitted"]
+    types: [submitted]
 
 jobs:
-  MoveCardToProgress_job:
-    name: Move card to progress
+  SubmitReview_job:
+    name: Submit Review
     runs-on: ubuntu-latest
-    # Single quotes must be used here https://docs.github.com/en/free-pro-team@latest/actions/reference/context-and-expression-syntax-for-github-actions#literals
-    # PRs from forks don't have required token authorization
+    permissions:
+      id-token: write
+      pull-requests: read
+    # For external PR, ticket should be moved manually
     if: |
         github.event.pull_request.head.repo.full_name == github.repository
-        && github.event.review.author_association != 'NONE'
-        && github.event.review.state == 'changes_requested'
+        && (github.event.review.state == 'changes_requested'
+            || github.event.review.state == 'approved')
     steps:
-      - uses: sonarsource/gh-action-lt-backlog/MoveCardAfterReview@v1
+      - id: secrets
+        uses: SonarSource/vault-action-wrapper@v3
         with:
-          github-token: ${{secrets.GITHUB_TOKEN}}
-          column-id: 6183856     # Kanban "In progress" column
-
-  ReviewApproved_job:
-    name: Move card to review approved
-    runs-on: ubuntu-latest
-    if: |
-        github.event.pull_request.head.repo.full_name == github.repository
-        && github.event.review.author_association != 'NONE'
-        && github.event.review.state == 'approved'
-    steps:
-      - uses: sonarsource/gh-action-lt-backlog/MoveCardAfterReview@v1
+          secrets: |
+            development/kv/data/jira user | JIRA_USER;
+            development/kv/data/jira token | JIRA_TOKEN;
+      - uses: sonarsource/gh-action-lt-backlog/SubmitReview@v2
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
-          column-id: 6183858     # Kanban "Review approved" column
+          jira-user: ${{ fromJSON(steps.secrets.outputs.vault).JIRA_USER }}
+          jira-token: ${{ fromJSON(steps.secrets.outputs.vault).JIRA_TOKEN }}